If you use an ad blocker like AdBlock Plus, NoScript, or Glimmerblocker and …

So there was this article on the Internet recently about how ad blocking is devastating to sites that you love. You may have read it and there's a good chance that you participated in the frank and lively discussion that took place afterwards.

One of the things we learned from all of this is that not all people who use ad blockers are actually out to block our ads, and that many of you didn't realize that blocking ads hurt us and the other sites you love. Many care deeply about their privacy, personal information, and the well-being of their computers. Many were more than happy to unblock Ars, but many others had difficulty doing so due to the complicated nature of many ad blocking solutions. Dozens of you asked for help, so here it is.

In the first of many articles we plan to produce about these topics, we've attempted to collect information on how an informed Web user such as yourself can safely and responsibly whitelist websites that you support and trust. This can be extremely easy much of the time, but when you have multiple plug-ins competing to block resources—and if you want to be extra paranoid—the configuration process can be a little daunting, even for the nerdiest of us.

We've also put together a quick video tutorial that explains how to configure AdBlock Plus and NoScript that also explains a lot of what's covered in this article. If you learn better from watching, then that might be the way for you. The video demonstrates that the below technique works and shows you how to enter only one of the rules below. It's left as an exercise to the reader to input as many of the rules as he or she likes.

Done! A lot of people use more than just one method though. The second most popular of these are NoScript.

NoScript

NoScript can be extremely difficult to configure, so it'll need a little more explaining. The absolute easiest way to whitelist Ars is to add the following domains to your whitelist. You can do this through right-clicking on the small NoScript icon in your status bar and picking the following domains one-by-one, or by entering the NoScript preferences and highlighting the 'Whitelist' tab.

arstechnica.com—This one should be obvious.

doubleclick.net—This is the domain of the ad delivery and tracking system where we set up our ads and upload the images. DoubleClick (owned by Google) lets us put a start and stop date on the campaigns and set them up to only run for a fixed number of impressions.

2mdn.net—This is the domain that DoubleClick uses to serve ad images and sometimes flash files.

How to enter domains into NoScript's whitelist

Doing only this will whitelist these domains across the entire Internet. Some people are OK with this, and some are most definitely not. If you'd like to lock things down further, you need to step outside the whitelist and use an advanced feature of NoScript called ABE.

ABE stands for Application Boundry Enforcer and offers the ultimate amount of configurability when it comes to filtering content on the Web. ABE has a complex grammar that amounts to a firewall, and by combining rules an individual can allow or deny an infinite number of things inside their browser.

In this instance, we'll be using ABE to allow certain resources to load from arstechnica.com but to be denied when visiting any other domain. This technique is demonstrated in a simple example in the NoScript FAQ item 8.10. This FAQ item also tells us something extremely important for using ABE:

"[s]ince ABE's rule[s] work independently from NoScript's permissions, you need to "Allow safedomain.com" in NoScript's menu for [this] to work."

This means we'll need to add the above domains to our whitelist. Those are: arstechnica.com, doubleclick.net, and 2mdn.net. Don't panic! What we'll be doing next is adding strict ABE rules which will simulate the standard blocking behavior of NoScript, but with a small twist.

NoScript's Application Boundary Enforcer interface

First, here's the set of ABE rules we'll be using. People who are motivated to figure it out on their own or who know what they're doing can take these and run with them. Rules updated on Mar 11, 2010 at 14:55 CT:

# doubleclick is where we input campaigns and upload ads to be served.
# I've since broken this out these two doubleclick rules to be clearer and
# more explicit
Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny
Site doubleclick.net *.doubleclick.net
Deny
#google-analytics.com if you want to help us see what sections of ars you visit
Site google-analytics.com *.google-analytics.com
Accept from arstechnica.com *.arstechnica.com
Deny
Site http://s0.2mdn.net/2571327/
Accept from arstechnica.com *.arstechnica.com
Deny

If you've ever configured a firewall, these might look a little similar. Let's break these down in turn. The first thing to know is that each rule set is processed from the top down. Let's use the first as our example.

Site http://ad.doubleclick.net/adj/ars.dart/

This first line tells NoScript that we're specifically looking for content served from the domain ad.doubleclick.net. Furthermore, we're really looking only for content served from http://ad.doubleclick.net/adj/ars.dart/. This is important because even though we'll be locking this rule down to our domain, this goes one step further. By adding the ars.dart path here, we're explicitly saying we'll only accept resources specific to the Ars Technica DoubleClick account.

This is the account which only Ars Technica and Condé Nast Digital employees have access to so that they can log in and upload assets for ad campaigns.

Accept from arstechnica.com *.arstechnica.com

This line means that we're only going to allow the above rule to apply if we're on arstechnica.com or an Ars Technica subdomain such as jobs.arstechnica.com.

Deny

Site doubleclick.net *.doubleclick.net
Deny

The final line and second ruleset are the most important. These tell the ABE system that for every other domain on the Internet, we deny the right for these resources to load.

We've listed three sets of rules above. One for DoubleClick (which we just detailed here), one for Google Analytics, and one for 2mdn.net—this is the domain ad assets like images are served from. What's important here is that for each, we're only allowing them to load if we're on the Ars Technica domain.

You don't have to input all of these rule sets. To get all Ars ads, you'd only need to add the DoubleClick and 2mdn.net rules. However, I've included another for Google Analytics. I'll explain later why you might want to add this one as well.

279 Reader Comments

For those who missed the massive conversation mentioned in the article here's a general overview:

(0).STATEMENT: Things aren't working as they are now.

1. Argument 1: "That's because it's a failing business model"2. Argument 2: "But if we got rid of freeloaders everything would be okay."3. Argument 1: "But you wouldn't have to do that if you didn't have a failing business model."4. Argument 2: "But it's only failing because of freeloaders, why not just get rid of them?"5. Argument 1: "Because then you'll lose potential future money."6. Argument 2: "But we're losing actual money now."

Is there any way to load the ads, but not have to see them? That would be a win-win, because while I do want your business model to work, I really like the cleaned-up, no ads page that ADP gives me.

That would kind of unethical on our part to advocate such a thing. We've entered into legal agreements with our advertisers that we're accepting their money on the condition that real people will see their ads.

Quote:

This former subscriber is looking forward to the monthly payments soon to come. (You guys really do need to do something about LaserLads ego though.)

I'm a subscriber. How do you prevent 1000 people from sharing a login/password?

It's pretty easy to see when >1 IPs are using an account—a new session is created for that user with their IP address attached. That being said, it'd have to be pretty a pretty egregious offense for me to take notice and take action on it.

Currently, none of the the sites that I frequent have those annoying audio/video ads, so I don't have any ad blockers. The second they start putting such advertisements up, I get ad blockers. I really think many sites should try to think before acting when making advertisements. Having any of the following will get blocked:

SoundFlickeringPop-UpVideo

If a website is hurting from ad blocking, and using these methods to get attention, they have it coming.

One further thing I think you can/should mention is the option to run most browsers in a "private" mode. This will prevent cookies and also prevent content from messing with your settings. Throwing a browser into a lightweight VM will essentially ensure that your data is secure with almost 0 chance of infecting your machine. This is my typical method for dealing with flash when I'm on government computers- sites I don't trust, I use TACO and don't install Flash. When I have to deal with Flash for certain sites, or I have to run IE to deal with legacy government applications, I make sure it's inPrivate or in a VM so that I minimize my risk of infections.

Of course, on my main PC, I just run adblocker and either whitelist or pay the sites whose content I like. Flash and Firefox doesn't really peg out my computer at all, especially with Flash 10.1. This was just another simple tip for the "flash is the devil, but I need it to watch my cat videos" crowd. If you don't need it, don't block it- uninstall it. When you need it, use it securely.

the interesting thing is if the ads were unobtrusive and out of the way people would probably not block them, however as they often appear in places that draw the eye people do block them.

Well that's true to a point. I feel our ads are pretty tame. So what happens is that people see bad ads on one site, and blanket-block the whole web, even those people who are trying really hard not to be annoying.

Quote:

But is advertising no one reads worth paying for? therefore you can't win people will block till ads become out of the way and thereofre ineffective and not wanted by advertisers.

Also not entirely true. Billions and billions of dollars are spent each year by companies who have no idea if their advertising really works (print, TV, out-of-home—code for billboards). Lots of these companies just want to get their brand and company name in front of people's eyeballs.

What actually happens when people block ads is that publishers have to adapt or die. We're adapting and succeeding in a really awesome way with our subscription program. However, what typically happens is that as revenues for a site goes down, that site is "forced" to take on even more and more annoying ads to survive.

You could make an argument that such a site doesn't deserve to exist if it can't adapt, but even so, sites like that will live on for years and years like weird zombies in such a scenario.

I would suggest the whitelist approach for cookies as well. Tell your browser to reject all of them by default, use an extension like Cookie Monster to define exceptions for specific sites. Session cookies are good enough in most cases, only allow permanent ones for sites on which you want to stay logged in across browser restarts.

"But is advertising no one reads worth paying for? therefore you can't win people will block till ads become out of the way and thereofre ineffective and not wanted by advertisers."

But is advertising that actively pisses people off worth paying for? It's like having some guy run up to you and start poking you in the shoulder, yelling "HEY! HEY! HEY! HEY!! BUY THIS! HEY HEY!" *poke* *poke* *poke* *poke* *poke*

I take the "don't visit the site that runs adds that annoy me" route. I don't block 'em. Ars doesn't run ads that annoy me. So, here I am!

Currently, none of the the sites that I frequent have those annoying audio/video ads, so I don't have any ad blockers. The second they start putting such advertisements up, I get ad blockers. I really think many sites should try to think before acting when making advertisements. Having any of the following will get blocked:

SoundFlickeringPop-UpVideo

If a website is hurting from ad blocking, and using these methods to get attention, they have it coming.

Not that I haven't said this about a million times in the other thread but Ars has strict guidelines that our advertisers have to follow:

And informally we do not accept to run ads that are too far outside our demographic appeal or just insulting.

That being said, I would really like it if this thread stayed on topic w/r/t whitelisting, new tips, correcting any mistakes, et cetera. Debating the business model is great, but I'd prefer it happen in the thread from this past weekend.

Damn, I've recently started logging out of my Premier account when I'm not on the forum as I don't mind the banner ad frankly (and actually like the NetApp ones) and want to help your impression rate</asskiss>. But now I can't log out!

Hitting logout takes me to episteme where I click the top-level breadcrumb to go back to the Ars home page. Probably gotta clear my cookies but damn that's annoying.

Anyway, great article especially the part with ABE which should hopefully silence some of the most vocal critics from the last thread. I wouldn't hold my breathe though.

Thank you for the guide. The ABE for NoScript was the clincher for me. I now see your ads and know how to slowly implement changes for the other sites I love almost as much as Ars. I spent way too much time on Monday trying to figure out a way to do exactly what you showed me here.

However, what typically happens is that revenues for a site goes down, that site is "forced" to take on even more and more annoying ads to survive.

I think you have somewhat of a unique chance for some real-world tests if you can find a cooperative partner. If you can collaborate with an ad company to do it, it would be cool if you did a test where you took random samples of your data and said "this is the baseline numbers we tend to run- so many visitors per week, so many views per week, so many clicks, etc." Then, with the advertisers help, run a week or so of advertisements that display minimal animation and no sound. Make sure you announce it ahead of time so that people have a chance to turn off their flash blockers, etc. Ask people that refuse to use flash to simply uninstall it from their browser for a week.

See at the end of that week how many visitors, views and clicks you have. The point would be to show that the fewer views, the more annoying the ads can be...but the less annoying the ads, the more views one is likely to get. I imagine that this is a two-way street. Advertisers know that for most people flashing/blinking/loud ads get more clicks. Perhaps with Ars' help, they can learn that on tech sites, this is not the case.

While I respect Ars' right to ask users not to block ads, I think it would also be smart of them to demonstrate to the companies that buy ads that for certain demographics, their typical approach isn't as useful. Talking to the readers is one thing, but Ars can (and possible should) use this as a chance to influence the other side as well.

I think it would also be smart of them to demonstrate to the companies that buy ads that for certain demographics, their typical approach isn't as useful. Talking to the readers is one thing, but Ars can (and possible should) use this as a chance to influence the other side as well.

While I am hoping this thread stay on topic about the article per se, I wanted to just note that starting last fall we convened some readers and collected data on exactly this. We did it in our Server Room forum, and we're planning another run soon. Advertisers are blown away when they see the results. We just need to keep hammering them.

I started blocking ads on Ars, not because they were annoying per se, but because I frequently encountered page stalls while waiting for the ads to load. I'm not going to wait for content I want to see because of content I don't want to see.

You know, if there was a way as a subscriber to enjoy all the benefits of subscription while not blocking ads*, I would do it. The ads you run here are completely inoffensive to me; I'd be fine with still seeing them (I actually discovered and bought a Livescribe pen via one of your ads).

*shrug*

Of course, I imagine there a very small proportion of the very small proportion of your visitors who are subscribers would actively opt in to banner ads, so I can't think this is worth your time and effort. I'm more mentioning it to indicate my general support for your stance on advertising and content in general. Kudos to everyone on the Ars staff.

*With the exception of the banner ads that show up between posts in the Lounge; I don't want to see those.

I started blocking ads on Ars, not because they were annoying per se, but because I frequently encountered page stalls while waiting for the ads to load. I'm not going to wait for content I want to see because of content I don't want to see.

Maybe you can (have already?) fix that problem?

I'm not sure when you saw those, but sometime around Feb 2009, we instated a policy that all our ads had to load inside iframes. This keeps anything ad related from

1. doing anything crazy in the parent document like busting out of is prescribed area2. blocking the loading of assets from the parent document and the document itself

We've gone a lot further in optimizing how our page loads. We wait until the document is ready to do a lot of scripty-stuff and whenever possible we lazily wait until elements appear on a page to attach any handlers to them.

We also try to load external resources in child iframes. So for example below here the digg and reddit things load in frames so they shouldn't block. We go one step beyond the normal button code sites give you which load external JavaScripts just to make their iframes. We hardcode those iframes so requesting the external resources in the parent document aren't necessary.

When that's not possible (like for the facebook button for example), we lazily load the JavaScript for its operation until after the document loads—and even then we pull in all those scripts asynchronously using jQuerys $.getScript.

Educating users on privacy, privacy tools, and how to use them. Privacy is important and educating people on how to control it is a great service to folks. Sometimes you can have your cake and eat it, too.

This is how I like to see articles: informative, a tad friendly, with maybe a modicum of snark thrown in. It's more persuasive than "Whiiiiiiinnnnnneeeeee! Whoa is us and our financial stream based on advertising".

You know, if there was a way as a subscriber to enjoy all the benefits of subscription while not blocking ads*, I would do it. The ads you run here are completely inoffensive to me; I'd be fine with still seeing them (I actually discovered and bought a Livescribe pen via one of your ads).

*shrug*

Of course, I imagine there a very small proportion of the very small proportion of your visitors who are subscribers would actively opt in to banner ads, so I can't think this is worth your time and effort. I'm more mentioning it to indicate my general support for your stance on advertising and content in general. Kudos to everyone on the Ars staff.

*With the exception of the banner ads that show up between posts in the Lounge; I don't want to see those.

I'd even go one step further. I'd like to be able to see the ads, except for the specific ones I don't want to see - that is, a system similar to the Facebook ad system (minus all the wankery) so that Ars can collect info on which ads people are choosing to see. A fairly high percentage of the ads have essentially no interest or relevance for me (partly because I'm in the UK) but I have found the odd ad really interesting, and gone on to discover new products. Fusion Ads and The Deck are networks I often enjoy seeing the ads from, for this reason.

What about users on alternate platforms, where Flash sucks a big, fat chode? I don't see why I should have to use up a bunch of CPU time, spin up my fans, and make my whole computer laggy, just so I can read some text on Ars. Whitelisting on ClickToFlash or Flashblock is NOT the answer. Instead, the answer is to get you guys to send me the static image ad instead. I'm not quite ready to uninstall the Flash plug-in altogether, as it can come in handy sometimes, but I will only allow it to run when I've got no choice in the matter, and I happen to be seeking some rich content. If I'm just browsing for news, I don't need Flash bogging down my whole computer. So, what do you propose for someone who finds Flash completely unacceptable for ads? Are you guys amenable to catering to these users' needs? The choice for you right now is either you keep serving me Flash and I keep blocking it, or you find a way to serve me an image, and you get at least some revenue.

I block Flash and ads in general at home mostly because of some idiotic websites that seem to find it funny to (i) play stupid clips when you so much as hover over their banners, and (ii) irritating, content-blocking, scrolling ads, especially those that you can't close until after some time.

It's not so much the distraction of ads in general, it's their getting in the way. Many sites use ads just like a magazine would in the "old days" - and I was a religious follower of some of those (Amiga Power, Amiga Format, PC Format). That's the case here at Ars. I don't find them distracting at all - if I'm in a rush I just read the headlines and click the stories I want to check out. Static, non-intrusive ads are ok by me.

That said, if I browsed on a mobile device, which I don't, I think I'd be more sensitive to ads taking up bandwidth and costing me precious kB of traffic. But you're lucky with me because most of my Ars viewing is at work and I have plain old no-addons IE6 here.

I think it would also be smart of them to demonstrate to the companies that buy ads that for certain demographics, their typical approach isn't as useful. Talking to the readers is one thing, but Ars can (and possible should) use this as a chance to influence the other side as well.

While I am hoping this thread stay on topic about the article per se, I wanted to just note that starting last fall we convened some readers and collected data on exactly this. We did it in our Server Room forum, and we're planning another run soon. Advertisers are blown away when they see the results. We just need to keep hammering them.

You got it! I still think that another simple fix for the security conscious are the so-called "porn modes" of most browsers. They really are a very simple way for the security conscious to pass a minimal amount of data out and block many attack vectors. If you add your favorites prior to running the private mode, you'll still be able to use them, which means for almost 90% of my browsing, I can do it with privacy mode engaged and never have to type in a single URL.

What about users on alternate platforms, where Flash sucks a big, fat chode? I don't see why I should have to use up a bunch of CPU time, spin up my fans, and make my whole computer laggy, just so I can read some text on Ars. Whitelisting on ClickToFlash or Flashblock is NOT the answer. Instead, the answer is to get you guys to send me the static image ad instead. I'm not quite ready to uninstall the Flash plug-in altogether, as it can come in handy sometimes, but I will only allow it to run when I've got no choice in the matter, and I happen to be seeking some rich content. If I'm just browsing for news, I don't need Flash bogging down my whole computer. So, what do you propose for someone who finds Flash completely unacceptable for ads? Are you guys amenable to catering to these users' needs?

Generally, people without Flash get static representations of those ads. Simple .gifs. The problem with FlashBlocking plugins is that they masquerade as Flash and trick the ad servers into not serving the static ads, rather they server up the flash code and never execute it.

Flash ads are even more amenable to analytics in that they ping the ad server when they start and in some cases where there's additionally interactivity or video they can ping once in the middle and at the end to know if people are actually using them.

If there was some way to make these blockers show the static ads instead of the blocked flash, that'd be OK, except we get paid much less for those impressions (they may count as a fraction of an impression, but that's better than 0).

My blanket statement in these cases though is that if you're worried about flash or its a hog on your system, just uninstall it.

You'll survive, trust me

YouTube and Vimeo are doing HTML5 video these days, so put the pressure on the other guys to follow their lead (I am obviously under the impression that outside of ads one of the only other valid uses of Flash is to play video online )

Is there any way to load the ads, but not have to see them? That would be a win-win, because while I do want your business model to work, I really like the cleaned-up, no ads page that ADP gives me.

I do this for economist.com, purely to hide an obnoxious floating ad that tries to sell me a subscription despite the fact I'm already a subscriber. It's a bit hacky, but I just put a couple of 'display:none !important' rules into Safari's user-specified stylesheet.

So, what do you propose for someone who finds Flash completely unacceptable for ads? Are you guys amenable to catering to these users' needs?

If there was some way to make these blockers show the static ads instead of the blocked flash, that'd be OK, except we get paid much less for those impressions (they may count as a fraction of an impression, but that's better than 0).

What about an "ad format" toggle available on the menu when users are logged in? Would that solve the problem without lowering the number of people seeing the full-fat ads too much?